From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/mail/xmpp_user_edit.php |  172 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 172 insertions(+), 0 deletions(-)

diff --git a/interface/web/mail/xmpp_user_edit.php b/interface/web/mail/xmpp_user_edit.php
new file mode 100644
index 0000000..16d440a
--- /dev/null
+++ b/interface/web/mail/xmpp_user_edit.php
@@ -0,0 +1,172 @@
+<?php
+/*
+Copyright (c) 2005 - 2009, Till Brehm, projektfarm Gmbh
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+/******************************************
+* Begin Form configuration
+******************************************/
+
+$tform_def_file = "form/xmpp_user.tform.php";
+
+/******************************************
+* End Form configuration
+******************************************/
+
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
+
+//* Check permissions for module
+$app->auth->check_module_permissions('mail');
+
+// Loading classes
+$app->uses('tpl,tform,tform_actions');
+$app->load('tform_actions');
+
+class page_action extends tform_actions {
+
+
+	function onShowNew() {
+		global $app, $conf;
+
+		// we will check only users, not admins
+		if($_SESSION["s"]["user"]["typ"] == 'user') {
+			if(!$app->tform->checkClientLimit('limit_xmpp_user')) {
+				$app->error($app->tform->wordbook["limit_xmpp_user_txt"]);
+			}
+			if(!$app->tform->checkResellerLimit('limit_xmpp_user')) {
+				$app->error('Reseller: '.$app->tform->wordbook["limit_xmpp_user_txt"]);
+			}
+		}
+
+		parent::onShowNew();
+	}
+
+	function onShowEnd() {
+		global $app, $conf;
+
+		$jid = $this->dataRecord["jid"];
+		$jid_parts = explode("@", $jid);
+		$app->tpl->setVar("jid_local_part", $jid_parts[0]);
+		$jid_parts[1] = $app->functions->idn_decode($jid_parts[1]);
+
+		// Getting Domains of the user
+		$sql = "SELECT domain, server_id FROM xmpp_domain WHERE ".$app->tform->getAuthSQL('r')." ORDER BY domain";
+		$domains = $app->db->queryAllRecords($sql);
+		$domain_select = '';
+		if(is_array($domains)) {
+			foreach( $domains as $domain) {
+				$domain['domain'] = $app->functions->idn_decode($domain['domain']);
+				$selected = ($domain["domain"] == @$jid_parts[1])?'SELECTED':'';
+				$domain_select .= "<option value='$domain[domain]' $selected>$domain[domain]</option>\r\n";
+			}
+		}
+		$app->tpl->setVar("jid_domain", $domain_select);
+		unset($domains);
+		unset($domain_select);
+
+
+		parent::onShowEnd();
+	}
+
+	function onSubmit() {
+		global $app, $conf;
+		//* Check if Domain belongs to user
+		if(isset($_POST["jid_domain"])) {
+			$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM xmpp_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["jid_domain"]));
+			if($domain["domain"] != $app->functions->idn_encode($_POST["jid_domain"])) $app->tform->errorMessage .= $app->tform->lng("no_domain_perm");
+		}
+
+
+		//* if its an insert, check that the password is not empty
+		if($this->id == 0 && $_POST["password"] == '') {
+			$app->tform->errorMessage .= $app->tform->lng("error_no_pwd")."<br>";
+		}
+
+		//* Check the client limits, if user is not the admin
+		if($_SESSION["s"]["user"]["typ"] != 'admin') { // if user is not admin
+			// Get the limits of the client
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
+			$client = $app->db->queryOneRecord("SELECT limit_xmpp_user, parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
+
+
+			// Check if the user may add another xmpp user.
+			if($this->id == 0 && $client["limit_xmpp_user"] >= 0) {
+				$tmp = $app->db->queryOneRecord("SELECT count(xmppuser_id) as number FROM xmpp_user WHERE sys_groupid = ?", $client_group_id);
+				if($tmp["number"] >= $client["limit_xmpp_user"]) {
+					$app->tform->errorMessage .= $app->tform->lng("limit_xmpp_user_txt")."<br>";
+				}
+				unset($tmp);
+			}
+		} // end if user is not admin
+
+
+		$app->uses('getconf');
+		$xmpp_config = $app->getconf->get_server_config(!empty($domain["server_id"]) ? $domain["server_id"] : '', 'xmpp');
+
+		//* compose the xmpp field
+		if(isset($_POST["jid_local_part"]) && isset($_POST["jid_domain"])) {
+			$this->dataRecord["jid"] = strtolower($_POST["jid_local_part"]."@".$app->functions->idn_encode($_POST["jid_domain"]));
+
+			// Set the server id of the xmpp user = server ID of xmpp domain.
+			$this->dataRecord["server_id"] = $domain["server_id"];
+
+			unset($this->dataRecord["jid_local_part"]);
+			unset($this->dataRecord["jid_domain"]);
+
+		}
+
+		parent::onSubmit();
+	}
+
+	function onAfterInsert() {
+		global $app, $conf;
+
+		// Set the domain owner as xmpp user owner
+		$domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["jid_domain"]));
+		$app->db->query("UPDATE xmpp_user SET sys_groupid = ? WHERE xmppuser_id = ?", $domain["sys_groupid"], $this->id);
+
+	}
+
+	function onAfterUpdate() {
+		global $app, $conf;
+
+		// Set the domain owner as mailbox owner
+		if(isset($_POST["xmpp_domain"])) {
+			$domain = $app->db->queryOneRecord("SELECT sys_groupid, server_id FROM xmpp_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["jid_domain"]));
+			$app->db->query("UPDATE xmpp_user SET sys_groupid = ? WHERE xmppuser_id = ?", $domain["sys_groupid"], $this->id);
+
+		}
+	}
+
+}
+
+$app->tform_actions = new page_action;
+$app->tform_actions->onLoad();
+
+?>

--
Gitblit v1.9.1